Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/wsknEjm24Tmqnj5AbQzSZKLiyUk.roa
File:                     wsknEjm24Tmqnj5AbQzSZKLiyUk.roa (raw, json)
Hash identifier:          1F0f934WY0AhELOowB6/aUmK8URa7DHUIj0Gci4bhIA=
Subject key identifier:   C2:C9:27:12:39:B6:E1:39:AA:9E:3E:40:6D:0C:D2:64:A2:E2:C9:49
Certificate issuer:       /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial:       019EB404C37B644AE71500F60FB086383717
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/wsknEjm24Tmqnj5AbQzSZKLiyUk.roa
Signing time:             Thu 11 Jun 2026 00:11:11 +0000
ROA not before:           Thu 11 Jun 2026 00:11:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44094
IP address blocks:        138.124.107.0/24 maxlen: 24
                          138.124.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b4:04:c3:7b:64:4a:e7:15:00:f6:0f:b0:86:38:37:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
        Validity
            Not Before: Jun 11 00:11:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2c9271239b6e139aa9e3e406d0cd264a2e2c949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e9:8a:34:ca:9d:2a:6e:56:da:35:b1:01:d9:
                    da:65:d6:4f:ad:8a:99:fa:88:a1:4d:a8:1c:7b:00:
                    bf:b3:04:67:26:79:68:fd:18:26:48:8f:35:e8:69:
                    5b:a8:bc:6f:6e:4c:0f:42:46:fe:3a:87:b0:0a:f2:
                    0b:b9:d4:aa:e8:79:b7:01:c4:89:c9:f2:b7:fe:b5:
                    84:f5:4a:17:41:ba:48:a0:c8:8e:a1:3a:aa:37:e9:
                    55:3b:f5:6f:e1:bf:0c:39:bc:64:8c:54:16:92:93:
                    79:a1:28:dd:1e:72:ed:ff:7d:09:e5:1d:d3:30:b9:
                    09:ff:68:a7:be:bc:41:78:0e:6c:59:c9:5b:fa:a8:
                    17:23:ae:69:95:5b:1d:79:64:be:79:9b:68:4d:5c:
                    4b:27:17:65:ce:4e:99:58:63:80:e0:80:0c:4a:d4:
                    d3:71:94:9d:6c:90:3c:a8:22:58:9b:1a:03:68:4c:
                    18:f6:34:06:c8:0d:79:fa:49:e7:12:3b:f5:fe:eb:
                    f1:7e:22:7a:d8:d5:2e:4e:fb:23:a3:06:9c:01:16:
                    6d:7e:6a:e2:a7:10:93:7c:d3:99:d0:ed:db:73:b6:
                    80:41:0e:bb:26:bc:d9:8a:59:10:93:d7:55:dc:4f:
                    13:01:03:8b:87:87:e3:0e:62:46:2e:09:c6:49:f8:
                    a7:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C9:27:12:39:B6:E1:39:AA:9E:3E:40:6D:0C:D2:64:A2:E2:C9:49
            X509v3 Authority Key Identifier:
                keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/wsknEjm24Tmqnj5AbQzSZKLiyUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.107.0/24
                  138.124.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:24:14:c6:e3:fd:a9:a8:fa:c5:88:d8:ce:23:af:85:71:ae:
         45:42:31:32:72:c1:0b:1d:90:0b:d5:cb:68:24:d8:8b:d2:e8:
         da:de:80:55:7e:04:2d:a9:f3:1b:dc:3d:4d:e3:ff:ca:e3:99:
         b8:d4:57:44:2d:27:fd:65:b0:7d:ed:69:4a:76:d3:00:15:bb:
         c3:b8:d1:7c:3d:ee:00:80:34:25:f6:3f:54:b8:46:36:9c:d2:
         de:86:2e:a0:89:81:c2:24:3e:2b:ab:45:20:10:d5:d9:f3:07:
         15:31:00:0d:49:b5:0e:af:8a:f3:13:ee:cb:9c:e8:0d:0e:99:
         c6:8a:ca:c4:d0:ae:25:24:48:6c:b8:b4:e9:75:d1:53:0c:b4:
         47:3a:47:29:a0:fc:4e:24:97:e7:d0:ee:90:ce:66:4a:f1:2a:
         56:c1:79:f2:16:35:2b:a5:76:e6:3a:ab:20:ca:30:dd:2b:c2:
         71:be:3a:a9:a3:b4:94:85:0c:aa:8d:49:d4:ae:ca:6f:10:ad:
         ae:5f:7e:c0:7f:aa:ce:35:c8:36:9c:4c:fa:2d:5a:31:1f:0c:
         85:44:67:34:61:73:5f:b6:36:d3:2c:77:82:55:eb:e9:10:49:
         60:24:e1:84:b5:43:be:bb:16:42:99:a7:f0:2d:10:b6:62:e8:
         8c:64:21:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ60BMN7ZErnFQD2D7CGODcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwNjExMDAxMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmM5MjcxMjM5YjZlMTM5YWE5ZTNlNDA2ZDBjZDI2NGEyZTJjOTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqemKNMqdKm5W2jWxAdnaZdZPrYqZ
+oihTagcewC/swRnJnlo/RgmSI816GlbqLxvbkwPQkb+OoewCvILudSq6Hm3AcSJ
yfK3/rWE9UoXQbpIoMiOoTqqN+lVO/Vv4b8MObxkjFQWkpN5oSjdHnLt/30J5R3T
MLkJ/2invrxBeA5sWclb+qgXI65plVsdeWS+eZtoTVxLJxdlzk6ZWGOA4IAMStTT
cZSdbJA8qCJYmxoDaEwY9jQGyA15+knnEjv1/uvxfiJ62NUuTvsjowacARZtfmri
pxCTfNOZ0O3bc7aAQQ67JrzZilkQk9dV3E8TAQOLh4fjDmJGLgnGSfinPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMLJJxI5tuE5qp4+QG0M0mSi4slJMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvd3NrbkVqbTI0VG1xbmo1QWJRelNaS0xpeVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAinxrAwQA
inxvMA0GCSqGSIb3DQEBCwUAA4IBAQA/JBTG4/2pqPrFiNjOI6+Fca5FQjEycsEL
HZAL1ctoJNiL0uja3oBVfgQtqfMb3D1N4//K45m41FdELSf9ZbB97WlKdtMAFbvD
uNF8Pe4AgDQl9j9UuEY2nNLehi6giYHCJD4rq0UgENXZ8wcVMQANSbUOr4rzE+7L
nOgNDpnGisrE0K4lJEhsuLTpddFTDLRHOkcpoPxOJJfn0O6QzmZK8SpWwXnyFjUr
pXbmOqsgyjDdK8Jxvjqpo7SUhQyqjUnUrspvEK2uX37Af6rONcg2nEz6LVoxHwyF
RGc0YXNftjbTLHeCVevpEElgJOGEtUO+uxZCmafwLRC2YuiMZCGs
-----END CERTIFICATE-----